Last updated: July 3, 2022
Nmap is an open source port scanner that can also identify the operating system of a remote computer. It is increasingly used by network administrators because it gives a very precise picture of a network.
Nmap is available on Linux, Windows and Mac OS.
In this article we will first look at the basic operation of Nmap. Then we will use it to identify the weak points of your network or your machines, so that you can deal with them before they are exploited.
What is the role of Nmap?
The purpose of the Nmap scanner is very simple: it finds, in a very short time, all the open ports on a remote machine. It also lets you learn the type and version of the OS running on that machine.
For example, thanks to Nmap we can discover that a system hosts Windows Server in a particular version. If that version of Windows has listed vulnerabilities, you can then launch attacks to take control of this machine.
First, download the Nmap .exe installer for Windows.
Once the file has been downloaded, double-click on it. The installation wizard opens. Then click Next, I Agree, Next, Next in turn.
Then click Install, and finally Finish.
At the end of the installation, open the command prompt and move to the Nmap folder "C:\Program Files (x86)\Nmap" with the following command:
cd "\Program Files (x86)\Nmap"
Note that Nmap for Windows now includes the GUI. If you prefer to use it with the graphical interface, there should be a new icon on your desktop.
Here, however, we will show you how to use Nmap from the command line. It is faster and more convenient.
If you are using a Debian-based distribution, the Nmap package is available in the distribution's repositories and you just have to type the following command:
If you use Kali Linux, you will not have to do the installation: it is already installed on your system.
Finally, if you use a distribution based on RPM packages (Red Hat, Mandrake, SUSE, etc.), these simple commands usually do the trick:
rpm -vhU https://nmap.org/dist/zenmap-7.80-1.noarch.rpm
rpm -vhU https://nmap.org/dist/ncat-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/nping-0.7.80-1.x86_64.rpm
Note that on Linux you can also use Nmap with a graphical interface, thanks to Zenmap.
How to use Nmap?
Identify the operating system of a remote machine
If Nmap cannot identify the exact version of the OS, it can display a list of systems that could potentially match.
Discover machines on a network
If you want to identify all the machines on your network:
See the open ports on a machine
A port scan shows you how your machine is seen from the outside, that is, which services are reachable. Conversely, a port scan lets an attacker see the services running on a remote machine in order to find a flaw in one of them and go further in the attack.
To scan a specific port, here the HTTP port:
Spoof the MAC address
MAC address spoofing consists of changing a MAC address so that it looks like that of another network card. This technique is called "MAC spoofing".
nmap --spoof-mac Cisco 127.0.0.1
See all open TCP ports
See all open UDP ports
FTP bounce scan
FTP bounce scanning is enabled by the -b option. It lets you ask an FTP server to scan the ports for you. This technique is rather old, but it is still possible to find FTP servers that allow it.
In my case, I go through my local FTP server, which has the address 127.0.0.1, to scan a range of IP addresses:
The real usefulness of Nmap for pentesters lies in combining it with the Metasploit Framework to scan one or more machines and automatically launch exploits.
Finally, I strongly encourage you to test Nmap on your own network in order to verify that your machines do not present any exploitable flaw.
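As an added example (not part of the original article), here is one way to turn such a self-scan into a repeatable check: this Python script parses the XML that Nmap writes with -oX and reports every open port that is not in a baseline of expected exposures. The XML sample, the hosts and the baseline are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (the format written by `nmap -sV -oX scan.xml`);
# hosts, ports and version strings are invented for this example.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/28">
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
<port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
</ports></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/><ports>
<port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
</ports></host>
</nmaprun>"""

# Hypothetical baseline: the only (protocol, port) exposures each host is supposed to have.
BASELINE = {"192.0.2.10": {("tcp", 22), ("tcp", 80)}, "192.0.2.11": set()}


def exposed_ports(xml_text):
    """Map each IPv4 host to (proto, port, state, service, product, version) tuples
    for every port Nmap reports as open or open|filtered."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        entries = hosts.setdefault(addr.get("addr"), [])
        for port in host.iter("port"):
            state = port.find("state").get("state")
            if not state.startswith("open"):  # closed / filtered: nothing reachable
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            entries.append((port.get("protocol"), int(port.get("portid")), state,
                            attrs.get("name", ""), attrs.get("product", ""), attrs.get("version", "")))
    return hosts


def unexpected_exposures(xml_text, baseline):
    """Return sorted (ip, proto, port, state, service, product+version) tuples that the
    baseline does not allow. open|filtered UDP ports stay in: Nmap could not rule them out."""
    findings = []
    for ip, entries in exposed_ports(xml_text).items():
        allowed = baseline.get(ip, set())
        for proto, port, state, name, product, version in entries:
            if (proto, port) not in allowed:
                findings.append((ip, proto, port, state, name, f"{product} {version}".strip()))
    return sorted(findings)
```

Run it against a real scan with `unexpected_exposures(open("scan.xml").read(), BASELINE)` after replacing the baseline with your own inventory; anything it returns is either an undocumented service or a drift from the baseline that deserves a look.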
And if you have other examples of Nmap uses, you can post them in a comment.